Telecommunication systems are built by service providers to connect users who are willing to pay to provide information to one another. Telecommunication systems have evolved from physical mail systems to telegraph operations, and then to telephony systems that are typically operated by a government monopoly known as a Post, Telephone and Telegraph (PTT) administration. More recently, telecommunications are transmitted via a collection of private and public packet networks called the Internet, and via mobile telephony and data networks that connect cellular handsets.
Throughout the history of development of telecommunication networks, governments have worked closely with industry to design and build them. Typically, a grant of use of public lands or airwaves by the government has resulted in reciprocal support of the local governments in the form of taxes and services in the public interest. Nearly all governments consider these telecommunication networks to be an integral part of the local and national infrastructure and require them to support emergency services.
A user may use a telecommunication network to conduct commercial or government business, or to share personal information. The user trusts that the content of his/her communication with another user via the telecommunication network remains private. However, it has recently been publicized that it is not always possible to trust that the intermediate servers or nodes, or the network itself, have not been compromised by the government, the service providers, or criminal elements that exploit weaknesses in the technology. To overcome this, direct communication between peers, known as peer-to-peer (P2P) communication and secured by strong encryption of the transmitted data, has been created.
Many applications today are typically Web-based (hypertext transfer protocol (HTTP)-based), run over-the-top (OTT) of a service provider's packet networks, and hence limit their exposure to what is available in low-level packet headers. However, they rely on proxy servers that are operated by third parties to interconnect users. Such solutions shift the nature of the third party from a network operator to an application service provider. A system running a traditional application (e.g., GOOGLE®) is vulnerable to a security issue.
An ideal solution would be to have direct connections between peer applications with no third-party servers involved. However, that is stymied by a feature of nearly all networks: the network address and port translator (NAPT). NAPT was introduced to enable users on the private side of a network to share the limited public Internet Protocol version 4 (IPv4) addresses available to a private or public service provider's network. The NAPT enables sharing (optionally adding security) by opening pinholes for a limited time when a packet is sent from the private side to the public Internet. A pinhole is a temporary assignment of a public Internet Protocol (IP) address and port number to the private IP address and port of a communication source. When a pinhole is assigned, a packet from the distant party can traverse the NAPT in the inbound direction. The NAPT can further exhibit a variety of restrictive behaviors.
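The pinhole behavior described above can be modeled in a few lines of Python. This is an added illustration, not part of the original text: the class names, the 30-second lifetime, the port numbering and the sample addresses are constructed, and the `address_dependent` switch is an assumed example of one "restrictive behavior" (address-dependent filtering, in RFC 4787 terms).

```python
from dataclasses import dataclass, field

@dataclass
class Pinhole:
    private: tuple                 # (private_ip, private_port) of the inside host
    expires: float                 # time at which the pinhole closes
    contacted: set = field(default_factory=set)  # remote IPs the host has sent to

class Napt:
    """Toy NAPT sharing one public IPv4 address among private hosts."""
    def __init__(self, public_ip, timeout=30.0, address_dependent=False):
        self.public_ip = public_ip
        self.timeout = timeout                      # pinhole lifetime, seconds (assumed)
        self.address_dependent = address_dependent  # assumed restrictive-filtering switch
        self.pinholes = {}                          # public port -> Pinhole
        self.next_port = 40000

    def outbound(self, private, remote, now):
        """Private-side packet: open a pinhole, or refresh a live one."""
        for port, hole in self.pinholes.items():
            if hole.private == private and hole.expires > now:
                break
        else:
            port, hole = self.next_port, Pinhole(private, 0.0)
            self.pinholes[port] = hole
            self.next_port += 1
        hole.expires = now + self.timeout
        hole.contacted.add(remote[0])
        return (self.public_ip, port)

    def inbound(self, public_port, source, now):
        """Public-side packet: return the private target, or None if dropped."""
        hole = self.pinholes.get(public_port)
        if hole is None or hole.expires <= now:
            self.pinholes.pop(public_port, None)    # closed or never opened
            return None
        if self.address_dependent and source[0] not in hole.contacted:
            return None                             # sender was never contacted
        return hole.private

def demo(address_dependent):
    """Constructed scenario using documentation address ranges."""
    host, peer, stranger = ("10.0.0.5", 5000), ("198.51.100.7", 3478), ("203.0.113.9", 9)
    nat = Napt("192.0.2.1", timeout=30.0, address_dependent=address_dependent)
    _, port = nat.outbound(host, peer, now=0.0)
    return (nat.inbound(port, peer, 10.0),      # live pinhole, contacted peer
            nat.inbound(port, stranger, 10.0),  # unsolicited third party
            nat.inbound(port, peer, 31.0))      # pinhole has timed out
```

With the permissive setting any sender can reach the host while the pinhole is open; with the restrictive setting only the contacted peer can, and in both cases nothing gets through once the pinhole has expired.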
Mobility introduces another possible security weakness. If both peer applications move simultaneously, their IP addresses may no longer be valid. The peer applications require a mechanism to re-discover each other's IP addresses. A typical approach is for a peer application to connect to a registry and report its identity and its current location or address. With P2P, this approach may be avoided if only one peer application moves at a time and keeps the other peer up to date. However, due to coverage or inactivity, peer applications may no longer have valid IP addresses for other peer applications.
The Internet Engineering Task Force (IETF) has created solutions to establish connections through NAPT, known by the acronyms STUN (session traversal utilities for network address translation (NAT)) and TURN (traversal using relays around NAT). Although initially designed to enable direct real-time transport protocol (RTP) connections between voice over IP (VoIP) user agents, STUN and TURN have since been made more generic. However, they still rely on an existing communication path to share IP and port candidates to bootstrap a direct communications session. Many secure systems today rely on centralized servers to perform a variety of functions that provide a network point at which third-party monitoring can occur. Registrars and proxies provide a potential weak point in the security of a system.
A typical telecommunications system relies on a service provider network to connect two users who wish to communicate by voice, text, video, and/or a file transfer. The service provider network supports the communication between the two users from a network aspect and an application aspect. A conventional telecommunications network such as the public switched telephone network (PSTN) does not separate the network aspect and the application aspect; however, a service provider network may create the separation between the network aspect and the application aspect by supporting applications over the Internet Protocol (IP) layer. The network aspect of the communication involves the transmission of a message or the streaming of a file from one user to another user. The application aspect of the communication involves the control and management of the message/file stream and the identities of the users.
Recent telecommunication systems allow the network aspect to be operated and controlled by one provider, while the application aspect is operated and controlled by a separate application provider. In this case, the application-related information and the network-related information are split across two operators. The application-related information and the network-related information may be visible to a third-party operator or a man-in-the-middle between two users in communication. Systems based on a peer-to-peer (P2P) model move the application aspects to the two communicating user devices. However, most application providers that claim to be P2P often have a third-party server that controls the application information.
The metadata associated with a user and the user device is created and managed by a central authority, typically through a registry of users. The registry of users may contain information that may concern users who wish to have a higher degree of privacy through a true P2P communication with other users.